From c35a55babd9aa6e1ad8797f3d54deec2f78ff78a Mon Sep 17 00:00:00 2001 From: Vika Date: Wed, 28 Sep 2022 23:13:02 +0300 Subject: Switch to TypeScript This neccesitates installing TypeScript to build Kittybox, but thankfully Nix actually takes care of that. Build Kittybox with Nix and you won't have problems. Also now I can safely do stuff. --- kittybox-rs/src/frontend/indieauth.js | 107 ---------------------------------- 1 file changed, 107 deletions(-) delete mode 100644 kittybox-rs/src/frontend/indieauth.js (limited to 'kittybox-rs/src/frontend/indieauth.js') diff --git a/kittybox-rs/src/frontend/indieauth.js b/kittybox-rs/src/frontend/indieauth.js deleted file mode 100644 index 1762bdd..0000000 --- a/kittybox-rs/src/frontend/indieauth.js +++ /dev/null @@ -1,107 +0,0 @@ -const WEBAUTHN_TIMEOUT = 60 * 1000; - -async function webauthn_create_credential() { - const response = await fetch("/.kittybox/webauthn/pre_register"); - const { challenge, rp, user } = await response.json(); - - return await navigator.credentials.create({ - publicKey: { - challenge: Uint8Array.from(challenge, c => c.charCodeAt(0)), - rp: rp, - user: { - id: Uint8Array.from(user.cred_id), - name: user.name, - displayName: user.displayName - }, - pubKeyCredParams: [{alg: -7, type: "public-key"}], - authenticatorSelection: {}, - timeout: WEBAUTHN_TIMEOUT, - attestation: "none" - } - }); -} - -async function webauthn_authenticate() { - const response = await fetch("/.kittybox/webauthn/pre_auth"); - const { challenge, credentials } = await response.json(); - - try { - return await navigator.credentials.get({ - publicKey: { - challenge: Uint8Array.from(challenge, c => c.charCodeAt(0)), - allowCredentials: credentials.map(cred => ({ - id: Uint8Array.from(cred.id, c => c.charCodeAt(0)), - type: cred.type - })), - timeout: WEBAUTHN_TIMEOUT - } - }) - } catch (e) { - console.error("WebAuthn authentication failed:", e); - alert("Using your authenticator failed. (Check the DevTools for details)"); - throw e; - } -} - -async function submit_handler(e) { - e.preventDefault(); - const form = e.target; - - let scopes = form.elements.scope === undefined ? [] : Array.from(form.elements.scope) - .filter(e => e.checked) - .map(e => e.value); - - const authorization_request = { - response_type: form.elements.response_type.value, - client_id: form.elements.client_id.value, - redirect_uri: form.elements.redirect_uri.value, - state: form.elements.state.value, - code_challenge: form.elements.code_challenge.value, - code_challenge_method: form.elements.code_challenge_method.value, - // I would love to leave that as a list, but such is the form of - // IndieAuth. application/x-www-form-urlencoded doesn't have - // lists, so scopes are space-separated instead. It is annoying. - scope: scopes.length > 0 ? scopes.join(" ") : undefined, - }; - - let credential = null; - switch (form.elements.auth_method.value) { - case "password": - credential = form.elements.user_password.value; - if (credential.length == 0) { - alert("Please enter a password.") - return - } - break; - case "webauthn": - credential = await webauthn_authenticate(); - break; - default: - alert("Please choose an authentication method.") - return; - } - - console.log("Authorization request:", authorization_request); - console.log("Authentication method:", credential); - - const body = JSON.stringify({ - request: authorization_request, - authorization_method: credential - }); - console.log(body); - - const response = await fetch(form.action, { - method: form.method, - body: body, - headers: { - "Content-Type": "application/json" - } - }); - - if (response.ok) { - window.location.href = response.headers.get("Location") - } -} - -document.getElementById("indieauth_page") - .addEventListener("submit", submit_handler); -- cgit 1.4.1